MDVSA-2008:034

Package name

emacs

Date

2008-02-04

Advisory ID

MDVSA-2008:034

Affected versions

CS4.0 i586 , CS4.0 x86_64 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2007.1 x86_64

Problem description

The hack-local-variable function in Emacs 22 prior to version 22.2,
when enable-local-variables is set to ':safe', did not properly search
lists of unsafe or risky variables, which could allow user-assisted
attackers to bypass intended restrictions and modify critical
program variables via a file containing a Local variables declaration
(CVE-2007-5795; only affects Mandriva Linux 2008.0).

A stack-based buffer overflow in emacs could allow user-assisted
attackers to cause an application crash or possibly have other
unspecified impacts via a large precision value in an integer format
string specifier to the format function (CVE-2007-6109).

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 i586

 ce19613054ce62dd96433b01b91258b1  corporate/4.0/i586/emacs-21.4-20.2.20060mlcs4.i586.rpm
 b67b18e5f5fccbb9c4012f49f31325f0  corporate/4.0/i586/emacs-X11-21.4-20.2.20060mlcs4.i586.rpm
 146214a37b174b2b59d7e883bb29802f  corporate/4.0/i586/emacs-doc-21.4-20.2.20060mlcs4.i586.rpm
 0bf2f09a9a5a0b02c0f9600e34ba9f84  corporate/4.0/i586/emacs-el-21.4-20.2.20060mlcs4.i586.rpm
 92cd0e9c3bfa881f0303810d6e9e8cbf  corporate/4.0/i586/emacs-leim-21.4-20.2.20060mlcs4.i586.rpm
 7a75213230a1f3a905ee91d588b6cd08  corporate/4.0/i586/emacs-nox-21.4-20.2.20060mlcs4.i586.rpm 
 af9fa010f39b56f24803926854f0595e  corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm

CS4.0 x86_64

 173a3addd59c8706d407be4926712920  corporate/4.0/x86_64/emacs-21.4-20.2.20060mlcs4.x86_64.rpm
 a445eb2f6c731ac7b11da483d533911a  corporate/4.0/x86_64/emacs-X11-21.4-20.2.20060mlcs4.x86_64.rpm
 46385585ed5da20703584623f862c8eb  corporate/4.0/x86_64/emacs-doc-21.4-20.2.20060mlcs4.x86_64.rpm
 32a6678ddee851f69d541cfafa3e101e  corporate/4.0/x86_64/emacs-el-21.4-20.2.20060mlcs4.x86_64.rpm
 980dce6cf406dac7c3ee1d89073c6d91  corporate/4.0/x86_64/emacs-leim-21.4-20.2.20060mlcs4.x86_64.rpm
 5814b72ab37b9bdd8ea2b58de765ebad  corporate/4.0/x86_64/emacs-nox-21.4-20.2.20060mlcs4.x86_64.rpm 
 af9fa010f39b56f24803926854f0595e  corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm

2007.0 x86_64

 a6ff38fc50ebb49e211bc5cf10231e01  2007.0/x86_64/emacs-21.4-26.2mdv2007.0.x86_64.rpm
 d8bc4c5f8663c2c4e3fef168db4f16b9  2007.0/x86_64/emacs-X11-21.4-26.2mdv2007.0.x86_64.rpm
 c5c6dd9d95905c838ca6d731f208f67e  2007.0/x86_64/emacs-doc-21.4-26.2mdv2007.0.x86_64.rpm
 a5ae4708158e52a3de4bdeb3e3c203fc  2007.0/x86_64/emacs-el-21.4-26.2mdv2007.0.x86_64.rpm
 0ef28ab5726ae394499645062c633602  2007.0/x86_64/emacs-leim-21.4-26.2mdv2007.0.x86_64.rpm
 e90514c50fd5cef37dc59a27b705d13c  2007.0/x86_64/emacs-nox-21.4-26.2mdv2007.0.x86_64.rpm 
 58b7e26033084006cda510468ebc75ac  2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm

2007.1 i586

 bacb82a95ab9babc66aa7a46e6b4dc82  2007.1/i586/emacs-21.4-26.2mdv2007.1.i586.rpm
 954785ebcf994cea467008606ceb7865  2007.1/i586/emacs-X11-21.4-26.2mdv2007.1.i586.rpm
 77e9d3072e695b29d07ebac0f40fd262  2007.1/i586/emacs-doc-21.4-26.2mdv2007.1.i586.rpm
 880b385fea1eb26b5bac57427c86ba08  2007.1/i586/emacs-el-21.4-26.2mdv2007.1.i586.rpm
 4f2e9e2a7a5099f4de32c53822cf736a  2007.1/i586/emacs-leim-21.4-26.2mdv2007.1.i586.rpm
 bb2fce94cb107de86bff7b0727be023c  2007.1/i586/emacs-nox-21.4-26.2mdv2007.1.i586.rpm 
 93460555120ee14779b4090ab77425a4  2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm

2007.0 i586

 f21e7e74502d46bc080f4a48080c574a  2007.0/i586/emacs-21.4-26.2mdv2007.0.i586.rpm
 a73d62aee609e6be32937b681780a0b6  2007.0/i586/emacs-X11-21.4-26.2mdv2007.0.i586.rpm
 589a15364fb4cfbf12e8e47b7104a7fa  2007.0/i586/emacs-doc-21.4-26.2mdv2007.0.i586.rpm
 2253dd2b8b5aa563add08e7350a65f44  2007.0/i586/emacs-el-21.4-26.2mdv2007.0.i586.rpm
 919175eea98794b2a4ea7b3626119a8a  2007.0/i586/emacs-leim-21.4-26.2mdv2007.0.i586.rpm
 a8c1c605bd854db7637b8318f7b5c7f5  2007.0/i586/emacs-nox-21.4-26.2mdv2007.0.i586.rpm 
 58b7e26033084006cda510468ebc75ac  2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm

CS3.0 x86_64

 91a59e872e88638df84b32cd7cdb7fe4  corporate/3.0/x86_64/emacs-21.3-9.3.C30mdk.x86_64.rpm
 a4ccc81d17b1397d5fdec6eb6e2ddad9  corporate/3.0/x86_64/emacs-X11-21.3-9.3.C30mdk.x86_64.rpm
 4f08fc2400cc2ef9ed3d2970f3324ffe  corporate/3.0/x86_64/emacs-el-21.3-9.3.C30mdk.x86_64.rpm
 d77294d54d8908cf3016cd7f1cafe1ea  corporate/3.0/x86_64/emacs-leim-21.3-9.3.C30mdk.x86_64.rpm
 7eba0bf35e01c4a6e1018a8cb5225115  corporate/3.0/x86_64/emacs-nox-21.3-9.3.C30mdk.x86_64.rpm 
 adc16c5f9ad32295db6ea036101069e2  corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm

2008.0 x86_64

 551b608acfd97bd227f3d3c8b5b6f155  2008.0/x86_64/emacs-22.1-5.1mdv2008.0.x86_64.rpm
 88e56aabb7dd52cdc9fd813ecc376c12  2008.0/x86_64/emacs-common-22.1-5.1mdv2008.0.x86_64.rpm
 6f1a0ffb0600cf3e076257f0972793a9  2008.0/x86_64/emacs-doc-22.1-5.1mdv2008.0.x86_64.rpm
 f6a8a3d45feb6d04e66fc5ffd4eb2067  2008.0/x86_64/emacs-el-22.1-5.1mdv2008.0.x86_64.rpm
 0377fec7fb8f09dfd84db6fa6de6ff0a  2008.0/x86_64/emacs-gtk-22.1-5.1mdv2008.0.x86_64.rpm
 f914847423ed5c5fa217f77c19d0b312  2008.0/x86_64/emacs-leim-22.1-5.1mdv2008.0.x86_64.rpm
 f834fbcb86b540946dbbb7fd68ef97d8  2008.0/x86_64/emacs-nox-22.1-5.1mdv2008.0.x86_64.rpm 
 fc5ae7001cfd746c5eedcb7172a0445c  2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm

CS3.0 i586

 846bc555f6e24843329bc971a0d86e7d  corporate/3.0/i586/emacs-21.3-9.3.C30mdk.i586.rpm
 e5f5a7c2885801f69284d2cf83cc7657  corporate/3.0/i586/emacs-X11-21.3-9.3.C30mdk.i586.rpm
 fbd6b3dcdbe55b8f6a238c6c28c819ac  corporate/3.0/i586/emacs-el-21.3-9.3.C30mdk.i586.rpm
 920d56462f970bd5228a3a9729ec149c  corporate/3.0/i586/emacs-leim-21.3-9.3.C30mdk.i586.rpm
 9a762f39fda7e8af966f2d8580ff561d  corporate/3.0/i586/emacs-nox-21.3-9.3.C30mdk.i586.rpm 
 adc16c5f9ad32295db6ea036101069e2  corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm

2008.0 i586

 e6dd6abf0cb27d303b22e80d1091bd1e  2008.0/i586/emacs-22.1-5.1mdv2008.0.i586.rpm
 4dfa152d8998fc5c8fe78e3cbaf125f6  2008.0/i586/emacs-common-22.1-5.1mdv2008.0.i586.rpm
 ff9cc6e64a7142198b49f551944f7357  2008.0/i586/emacs-doc-22.1-5.1mdv2008.0.i586.rpm
 25af5a88aacdbaa419a67d4adf125589  2008.0/i586/emacs-el-22.1-5.1mdv2008.0.i586.rpm
 dd847a0b9e3eb8cd59d69dc365320ff1  2008.0/i586/emacs-gtk-22.1-5.1mdv2008.0.i586.rpm
 3592f389b333475fa94cb4dc84cde8be  2008.0/i586/emacs-leim-22.1-5.1mdv2008.0.i586.rpm
 0fb982382245c7858def3f788820cdac  2008.0/i586/emacs-nox-22.1-5.1mdv2008.0.i586.rpm 
 fc5ae7001cfd746c5eedcb7172a0445c  2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm

2007.1 x86_64

 8285245a590680e2cee5520e4a627703  2007.1/x86_64/emacs-21.4-26.2mdv2007.1.x86_64.rpm
 bc97da27f378af323630a2f318c24155  2007.1/x86_64/emacs-X11-21.4-26.2mdv2007.1.x86_64.rpm
 306c2ea8ecc96094195ed970e6648245  2007.1/x86_64/emacs-doc-21.4-26.2mdv2007.1.x86_64.rpm
 4dddafd86ec989b8329062c44a909a9c  2007.1/x86_64/emacs-el-21.4-26.2mdv2007.1.x86_64.rpm
 024fed6e709952488ef2d6ed0397de9d  2007.1/x86_64/emacs-leim-21.4-26.2mdv2007.1.x86_64.rpm
 c096d01ea9be0779f46d8a1474d5318f  2007.1/x86_64/emacs-nox-21.4-26.2mdv2007.1.x86_64.rpm 
 93460555120ee14779b4090ab77425a4  2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109